From: Menglong Dong <menglong.dong@linux.dev>
To: menglong8.dong@gmail.com, andrii@kernel.org, bot+bpf-ci@kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev,
	eddyz87@gmail.com, song@kernel.org, yonghong.song@linux.dev,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
	haoluo@google.com, jolsa@kernel.org, davem@davemloft.net,
	dsahern@kernel.org, tglx@linutronix.de, mingo@redhat.com,
	jiang.biao@linux.dev, bp@alien8.de, dave.hansen@linux.intel.com,
	x86@kernel.org, hpa@zytor.com, bpf@vger.kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net,
	martin.lau@kernel.org, eddyz87@gmail.com,
	yonghong.song@linux.dev, clm@meta.com, ihor.solodrai@linux.dev
Subject: Re: [PATCH bpf-next v12 04/13] bpf: support fsession for bpf_session_is_return
Date: Sat, 24 Jan 2026 12:56:37 +0800
Message-ID: <2818250.mvXUDI8C0e@7950hx>
In-Reply-To: <5c574509ec91053e049ae7e86a354f13d4cc28ec10b0530c6302598e8662ee88@mail.kernel.org>

On 2026/1/24 12:03, bot+bpf-ci@kernel.org wrote:
> > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> > index 13f0a2de33b7..f7baeb8278ca 100644
> > --- a/kernel/trace/bpf_trace.c
> > +++ b/kernel/trace/bpf_trace.c
> 
> [ ... ]
> 
> > @@ -3341,34 +3349,39 @@ __bpf_kfunc __u64 *bpf_session_cookie(void *ctx)
> >
> >  __bpf_kfunc_end_defs();
> >
> > -BTF_KFUNCS_START(kprobe_multi_kfunc_set_ids)
> > +BTF_KFUNCS_START(session_kfunc_set_ids)
> >  BTF_ID_FLAGS(func, bpf_session_is_return)
> >  BTF_ID_FLAGS(func, bpf_session_cookie)
> > -BTF_KFUNCS_END(kprobe_multi_kfunc_set_ids)
> > +BTF_KFUNCS_END(session_kfunc_set_ids)
> >
> > -static int bpf_kprobe_multi_filter(const struct bpf_prog *prog, u32 kfunc_id)
> > +static int bpf_session_filter(const struct bpf_prog *prog, u32 kfunc_id)
> >  {
> > -	if (!btf_id_set8_contains(&kprobe_multi_kfunc_set_ids, kfunc_id))
> > +	if (!btf_id_set8_contains(&session_kfunc_set_ids, kfunc_id))
> >  		return 0;
> >
> > -	if (!is_kprobe_session(prog) && !is_uprobe_session(prog))
> > +	if (!is_kprobe_session(prog) && !is_uprobe_session(prog) && !is_trace_fsession(prog))
> >  		return -EACCES;
> 
> The filter now allows fsession programs to call both bpf_session_is_return()
> and bpf_session_cookie(). The verifier inline handles bpf_session_is_return()
> for fsession, but what happens when an fsession program calls
> bpf_session_cookie()?
> 
> Looking at bpf_session_cookie() in the same file:
> 
>     __bpf_kfunc __u64 *bpf_session_cookie(void *ctx)
>     {
>         struct bpf_session_run_ctx *session_ctx;
>         session_ctx = container_of(current->bpf_ctx, struct bpf_session_run_ctx, run_ctx);
>         return session_ctx->data;
>     }
> 
> This assumes current->bpf_ctx points to a struct bpf_session_run_ctx, but
> fsession programs use struct bpf_tramp_run_ctx (set up in __bpf_prog_enter*).
> The container_of() will return an incorrect pointer, and session_ctx->data
> will read from the wrong memory location (the saved_run_ctx field of
> bpf_tramp_run_ctx instead of the session cookie).
> 
> Is this intentional to defer bpf_session_cookie() support to a later commit?
> If so, should the filter perhaps only allow bpf_session_is_return() for
> fsession at this point?
> 
> Note: I see that commit b8f4610f8738 ("bpf: support fsession for
> bpf_session_cookie") in the same series adds the verifier inline for
> bpf_session_cookie() with fsession, which would resolve this. However, at
> this commit, calling bpf_session_cookie() from an fsession program would
> produce incorrect results.

As I said before, this patch implements the common part of the fsession,
and we implement the architecture-specific code for x86_64 in the later
patch.

> 
> >
> >  	return 0;
> >  }
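
Review bot: The added !is_trace_fsession(prog) term in bpf_session_filter()
admits fsession programs for every id in session_kfunc_set_ids, and that set
still lists bpf_session_cookie next to bpf_session_is_return. If only
bpf_session_is_return is meant to be usable from fsession at this commit,
either gate the fsession case on that one kfunc id until the cookie patch
lands, or state in the commit message why an fsession program cannot reach
bpf_session_cookie() yet, so the series stays safe to bisect.
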
> 
> [ ... ]
> 
> > +static int __init bpf_trace_kfuncs_init(void)
> >  {
> > -	return register_btf_kfunc_id_set(BPF_PROG_TYPE_KPROBE, &bpf_kprobe_multi_kfunc_set);
> > +	int err = 0;
> > +
> > +	err = err ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_KPROBE, &bpf_session_kfunc_set);
> > +	err = err ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING, &bpf_session_kfunc_set);
> > +
> > +	return err;
> >  }
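
Review bot: Registering bpf_session_kfunc_set under BPF_PROG_TYPE_TRACING in
bpf_trace_kfuncs_init() makes bpf_session_filter() the only gate for tracing
programs that call the session kfuncs (assuming the elided set definition
wires it up as the filter). A short comment above the second
register_btf_kfunc_id_set() call saying that non-fsession tracing programs are
rejected with -EACCES would document that, and a selftest loading a plain
tracing program that calls bpf_session_is_return() would pin the behaviour
down.
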
> 
> 
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
> 
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21308666922
> 
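
The container_of() mismatch described in the quoted review, as an added
user-space example (not code from the patch or the kernel). The struct
layouts are simplified stand-ins assumed for LP64, and ctx_kind,
session_cookie_unchecked and session_cookie_checked are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-ins, not kernel code; layouts are assumptions (LP64, GNU C). */
struct bpf_run_ctx {};
struct bpf_session_run_ctx {		/* what bpf_session_cookie() expects */
	struct bpf_run_ctx run_ctx;
	bool is_return;
	void *data;
};
struct bpf_tramp_run_ctx {		/* what a trampoline-run program has */
	struct bpf_run_ctx run_ctx;
	uint64_t bpf_cookie;
	struct bpf_run_ctx *saved_run_ctx;
};

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Same shape as the quoted kfunc: trusts ctx to sit inside a session ctx. */
static void *session_cookie_unchecked(struct bpf_run_ctx *ctx)
{
	char *base = (char *)container_of(ctx, struct bpf_session_run_ctx, run_ctx);
	void *data;
	/* memcpy keeps the mistyped read well-defined in this demo */
	memcpy(&data, base + offsetof(struct bpf_session_run_ctx, data), sizeof(data));
	return data;
}

/* Hypothetical guard: an explicit kind tag makes the mismatch detectable. */
enum ctx_kind { CTX_SESSION, CTX_TRAMP };
static void *session_cookie_checked(enum ctx_kind kind, struct bpf_run_ctx *ctx)
{
	return kind == CTX_SESSION ? session_cookie_unchecked(ctx) : NULL;
}

static struct bpf_run_ctx prev_ctx;	/* constructed "previous" run ctx */
static struct bpf_tramp_run_ctx tramp = { .bpf_cookie = 0x1234, .saved_run_ctx = &prev_ctx };

int main(void)
{
	printf("unchecked: %p (saved_run_ctx is %p)\n",
	       session_cookie_unchecked(&tramp.run_ctx), (void *)tramp.saved_run_ctx);
	printf("checked:   %p\n", session_cookie_checked(CTX_TRAMP, &tramp.run_ctx));
	return 0;
}
```

The unchecked read returns the trampoline context's saved_run_ctx pointer
rather than a cookie, because both fields sit at the same offset.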





Thread overview: 17+ messages
2026-01-24  3:31 [PATCH bpf-next v12 00/13] bpf: fsession support Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 01/13] bpf: add " Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 02/13] bpf: use the least significant byte for the nr_args in trampoline Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 03/13] bpf: change prototype of bpf_session_{cookie,is_return} Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 04/13] bpf: support fsession for bpf_session_is_return Menglong Dong
2026-01-24  4:03   ` bot+bpf-ci
2026-01-24  4:56     ` Menglong Dong [this message]
2026-01-24  3:31 ` [PATCH bpf-next v12 05/13] bpf: support fsession for bpf_session_cookie Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 06/13] bpf,x86: introduce emit_store_stack_imm64() for trampoline Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 07/13] bpf,x86: add fsession support for x86_64 Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 08/13] libbpf: add fsession support Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 09/13] bpftool: " Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 10/13] selftests/bpf: add testcases for fsession Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 11/13] selftests/bpf: test bpf_get_func_* " Menglong Dong
2026-01-24  5:09   ` Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 12/13] selftests/bpf: add testcases for fsession cookie Menglong Dong
2026-01-24  3:31 ` [PATCH bpf-next v12 13/13] selftests/bpf: test fsession mixed with fentry and fexit Menglong Dong
